Adobe Systems has issued an emergency update for its Flash media player to patch two critical zero-day vulnerabilities that allow attackers to surreptitiously install malware on end-user computers.
The previously unknown vulnerabilities were unearthed in the 400-gigabyte data dump hackers published nine days ago after rooting the servers of Hacking Team, the Italy-based company that sold spyware and exploits to governments around the world. As previously reported, Hacking Team was itself hacked by unknown individuals, who then published e-mails, sales invoices, and marketing material that appeared to contradict long-standing assurances from company executives that they operated ethically and didn’t do business with repressive governments.
The two Flash vulnerabilities unearthed this past weekend are in addition to a third one found earlier in the Hacking Team dump, which Adobe patched last week, a few days after it was discovered. All three critical vulnerabilities were present in Flash versions for Windows, Mac OS X, and Linux. At least one of them was potent enough to pierce the vaunted Google Chrome security sandbox, most likely because it was combined with a separate privilege-escalation exploit for Windows.
Read 2 remaining paragraphs | Comments

CATEGORIES

Cyber Parse was created to provide knowledge to help everyone understand and deal with the ever increasing threats we all face by Cyber Crime (Malware, Social Engineering, Phishing and hacking).
Our purpose is to provide the right information to our readers by breaking down and communicating knowledge relating to Cyber Crime, Cyber Security, Information Security and Computer Security, then using Risk Management practices to help translate the technical aspects of the Risks, Threats, Vulnerabilities and controls to reduce the risk into business language.